ibi systems iris Product Information: ISMS and GRC Software


Content

Advantages and overview
Security Management
Governance Management
Risk Management
Compliance Management
Functions
Highlights
Launch and training
Technology
License, operating and references
About ibi systems GmbH


Date: October 2018


Advantages and overview

ibi systems iris is software for ISMS and GRC management – sustainable and economically valuable.

The special added value lies in the integrative applicability, the integrated know‐how such as best practice standards, controls or measures as well as the sustainable and secure technology based on ASP.NET.

The advantages of ibi systems iris are convincing and result in a large number of awards and distinctions – for example with the IT Innovation Award in the IT Security category and with the Industry Prize of Huber Verlag für Neue Medien GmbH.

integrative solution

sustainable technology

integrated know‐how

Licensing is based on the named user license model. The operation of the software can be carried out within the framework of a SaaS model by ibi systems. Alternatively, the operation on the server of the customer is possible (On Premises).


Security Management

Information Security Management System (ISMS)

ibi systems iris supports the launch, operation and optional certification of an information security management system (ISMS) according to ISO/IEC 27001 or IT‐Grundschutz.

• Management of IT architecture (assets and processes) including protection requirements, threats and activity recommendations
• Creation of the Statement of Applicability (SoA)
• Management of relevant documents (policies, protocols etc.)
• Gap analyses and audits, e.g., based on ISO 27001/2, incl. recording of findings (e.g., vulnerability, deviation)
• Recording, evaluation, treatment and monitoring of IT risks including management and tracking of measures
• Management of Information Security Incidents (Security Incident Management)

Security Audits

With ibi systems iris you plan and manage all security audits in your company as well as a comprehensive follow‐up with all identified audit findings and the resulting risks and measures, for example according to the requirements catalog Cloud Computing (C5) of the BSI.

• Central planning, management and documentation of internal and external security audits
• Specification of the assessment objects (affected organization units, assets, processes, rules and regulations)
• Task sharing in the audit process (audit templates, planning, assessor, reviewer, etc.)
• Identification and description of findings including management of measures
• Derivation of risks from previously identified findings (e.g., vulnerabilities)

Business Continuity

With ibi systems iris you implement a system‐based emergency management according to common standards such as ISO 22301 or BSI 100‐4.

• Performance of Business Impact Analysis (BIA)
• Recording of business continuity and recovery plans (emergency manuals)
• Planning and performance of emergency drills
• Recording, documentation and treatment of emergency events
• Holistic emergency management including risk analysis


Governance Management

Corporate and IT Governance

ibi systems iris guides your business through internally and externally defined requirements and policies. Make sure you comply with these requirements and define and plan measures that ensure their implementation and thus the achievement of the company’s goals.

• Recording, administration and versioning of all internal and external requirements and policies
• Planning and performing audits to check compliance with requirements and policies
• Defining and planning measures to ensure compliance with requirements and policies

Internal Control System (ICS)

With ibi systems iris you operate an effective and efficient internal control system (ICS) and reduce the effort while at the same time increasing transparency.

• Definition of control context (organizational structure, assets, processes, laws and regulations etc.)
• Administration of individual control templates
• Planning and assignment of controls including e‐mail notifications
• Wizard‐based performance of controls including proof and findings
• Filing of all relevant documents
• Recording, evaluation and treatment of resulting risks

“By using ibi systems iris, we were able to completely replace our Excel‐administered control system and shift the focus of audit execution administration to audit content, adequate evidence and follow‐up actions.

The centralized documentation makes reports and proofs available at the push of a button and therefore the entry point for audits and the source for customer reports.”

Markus Wolf, CACEIS Bank S.A., Germany Branch


Risk Management

IT Risk

With ibi systems iris you operate an effective and efficient risk management according to ISO 27005.

• Recording of relevant assets, processes, threats and vulnerabilities
• Identification and description of risks
• Analysis and evaluation of risks
• Risk treatment including definition and tracking of measures
• Iterative process of risk evaluation and treatment
• Continuous monitoring of risks and measures with controls and indicators

Operational Risk

With ibi systems iris you capture the risk of losses caused by the inadequacy or failure of internal processes, people and systems, or by external events. This includes legal risks that are particularly relevant for banks and insurance companies.

• Link with legal regulations
• Categorization of risks according to Basel II/III
• Monitoring of risks through indicators which can be included in the evaluation
• Assignment of risk owners who evaluate the risk and define the treatment measures

Enterprise Risk

Capture all relevant risks in just one system and ensure the best possible comparability of all risks through a uniform approach.

• Recording, evaluation, treatment and monitoring of all relevant risks in the company
• Categorization of all risks (operational, financial, strategic)
• Definition and tracking of measures for risk treatment and prevention
• Evaluation of the damage impact and likelihood of damage for risks with freely configurable values


Compliance Management

Directives & Policies

With ibi systems iris you always ensure that you comply with relevant directives and policies. Check compliance and document the approval process of exceptions.

• Management of all directives and policies
• Management of exceptions including documentation of requests
• Categorization of requests (e.g., release, statement)
• Consistent decisions on similar requests through intelligent adoption of historical approvals

Data Protection

ibi systems iris supports the development and operation of an effective data protection management system (DPMS). In this way, you meet the requirements of EU‐GDPR and other relevant laws and regulations with the help of an intelligent tool.

• Administration of data protection relevant processes
• Directory of processes according to EU‐GDPR
• Recording, evaluation and treatment of data protection risks, including management and tracking of measures (art. 35 EU‐GDPR, data protection impact assessment)
• Performance of audits including identification of findings that may lead to a risk
• Collection and processing of data protection incidents

Compliance Audits

ibi systems iris supports and ensures compliance with increasingly complex and heterogeneous external requirements, laws and regulations. With ibi systems iris you have an effective compliance management tool according to best practice (ISO 19600).

• Recording of all external requirements, laws and regulations
• Recording, evaluation and treatment of compliance risks incl. management and tracking of measures
• Guarantee compliance with regulations through compliance audits
• Recording and managing compliance violations (identification of findings during the audits)


Functions

MY IRIS

• Central management cockpit with individual dashboard widgets with tasks, messages, reminders and series elements

REPOSITORY

• Creation and management of standards, regulations, norms and internal policies
• Management of statements and exceptions

ARCHITECTURE

• Asset and process management with activity recommendations
• Protection requirements, business continuity management and business impact analysis

ASSESSMENTS

• Creation, scheduling and performance of assessments
• Review of assessments by automatically generated sample

FINDINGS

• Overview and processing of findings (e.g., vulnerabilities)
• Management of damage events

INDICATORS

• Creation and management of indicators
• Controlling the continuous recording of measurements
• Actions for breached or not fulfilled values

RISKS

• Creation, evaluation and treatment of risks
• Definition of risk treatment options

EMERGENCY

• Creation of emergency scenarios
• Execution of emergency simulations and drills
• Creation of emergency events

MEASURES

• Overview and management of measures
• Tracking of measures

DOCUMENTS

• Overview and management of documents
• Verification of document validity

REPORTING

• Export of reports based on manageable templates (word, pdf, excel, e‐mail)
• Export of all filterable and customizable lists (pdf, excel, csv, rtf)
• Individual report generation with integrated report designer


Highlights

Individually customizable list views

All list‐ or tree‐views in ibi systems iris are user‐specific. At any time, you can flexibly display or hide the attributes that are relevant to you in columns, thereby preparing information according to your own needs.

ibi systems iris offers further support through the ability to define complex filter parameters and to link filter criteria with one another. The filters can also be customized and saved individually for each user or each user group. The lists with the relevant information can be exported into common file formats with a mouse click.

Intelligent workflow support

ibi systems iris provides you with valuable and sustainable operational support through comprehensive workflow and automation options. For example, every user can be notified by e‐mail as soon as he is assigned a responsibility or a task.

By customizing, it is also possible to define any specific actions for automating internal processes (e.g., automatic archiving of a report after closing an assessment). Furthermore, workflow wizards can be defined that guide the user through individually arranged input windows.

Clear detail views

All information and assignments of a data record are saved in several tabs. The overview summarizes this information and allows you to add and edit assignments to other elements of ibi systems iris.

Thus, you can view all important information about a record in a clear detailed view and, for example, display and edit the listed information of a risk on only one page without having to jump back and forth between pages.


Configurable Dashboards

With meaningful widgets in the dashboards, ibi systems iris provides you with a concise summary of relevant information on all data stored in a functional area:

• Over 40 theme‐specific standard widgets such as risk‐map, untreated findings, upcoming assessments, or an overview of all open measures
• Individual dashboards for every functional area in ibi systems iris
• User‐specific customization of the dashboards via drag‐and‐drop, including free scaling and positioning
• Drill‐down functionality within the widgets up to the individual data set – for example to an untreated risk or a still open measure

Integrated reporting

With ibi systems iris, you can report quickly, reliably and specifically for each target group. The integrated reporting engine enables state‐of‐the‐art reporting according to your own wishes and needs:

• Many established standard reports
• Individual adaptability of the standard reports according to your own wishes
• Creation of own reports according to individual requirements in expert mode
• Automatic storage of reports as documents in ibi systems iris
• Export of reports in various file formats (word, pdf, excel, e‐mail)

Context related help

ibi systems iris supports you in your daily work through a comprehensive context‐related help, which can be accessed on any page in the software. The help page dynamically adjusts to the currently displayed area.

It contains useful information on the structure of the current page and the underlying functionalities and internal procedures. Illustrative application examples give you suggestions for using the individual functions in ibi systems iris. Explanatory diagrams also help you with complex topics.


Launch and training

Professional assistance in configuration and launch

Benefit from our experience in configuration and launch of ibi systems iris. Optimal realization considering your individual needs and aims is in our focus.

• Selection of suitable functions
• Implementation of your role and legal concept / connection to active directory
• Configuration of individual fields and workflows
• Interfaces to individually relevant systems and applications
• Operating and backup
• Project management and support

Exemplary launch process

requirements comparison connecting interfaces launch support

project management

training and qualification

“Through our interdisciplinary know‐how, we support our customers in all project phases – starting with technical issues in the ISMS and GRC environment, through the selection and conception of a system environment tailored to individual needs, right through to the successful piloting and implementation of the ibi systems iris software.

The personal support of our customers by our experts is a matter of course for us even after the piloting and introduction. The resulting close partnership allows us to respond specifically to customer requests and align the further development of our software to the needs of our partners.”

Dr. Christian Ritter, Senior Product Manager, ibi systems GmbH

Proven training program with certificate

Expand your know‐how through our “Certified ibi systems iris Expert” training program, which will train you in all functions of ibi systems iris.

Optionally, relevant solution areas are presented in detail and the supporting use of the software is illustrated.


Technology

Architecture

• Client: Browser (e.g., internet explorer, firefox, chrome); Any client (e.g., reporting tool, windows application)
• Web server: iris web, iris api, iris workflow; ASP.NET MVC, Soap web services; Business logic, External services; Authentication and authorization; Data security and data permissions; Entity framework
• Database: Relational database (MSSQL)

System requirements

Operating system

• Windows Server from version 2008 SP2 (x86/x64)
• IIS from version 8.0
• .NET framework version 4.7.1
• Host name and SSL certificate

Server

• 8 vCore/Core
• 16 GB RAM
• 80 GB operating system
• 500 MB application
• 10 GB of data with the possibility to expand

Database

• Microsoft SQL server version 2008 or higher
• 4 vCore/Core
• 8 GB RAM
• approx. 30 MB initial size of data


License, operating and references

License and operating

The software is based on the named user license model. For each user, a registered access is created in ibi systems iris. Each active user occupies a license, which always includes the full range of functions. A user’s authorizations can be controlled individually and with fine granularity by creating and assigning roles.

ibi systems iris is licensed in the form of packages including a maximum number of users for the operation of up to three environments (e.g., productive, test, integration). The price per license depends on the total number of licenses purchased.

ibi systems iris can be operated both in your own data center (On Premises) and as a service by ibi systems (SaaS) in an ECO 5‐Star and ISO 27001 certified data center.

References (excerpt)


About ibi systems GmbH

ibi systems GmbH stands for “intelligent business information systems” and is a leading provider of ISMS and GRC software as well as concomitant consulting. ibi systems was founded in 2012 as a spin‐off of the University of Regensburg and is based in Regensburg, Germany.

Memberships, network and partners

ibi systems cooperates with renowned technology and business partners, for example Microsoft BizSpark, and is an active member of the Alliance for Cyber Security, an initiative of the German Federal Office for Information Security (BSI). Furthermore, ibi systems is active in the Bavarian IT Security & Safety Cluster, ISACA Germany Chapter e.V. and German Informatics Society (GI).

Maximum performance

We employ outstanding and best‐qualified people who are exceptionally passionate about and interested in their work. In this way, fun and success form the basis of our work and make us an extremely attractive employer and business partner.

Intelligent products and services

With our solutions, products and services, the intelligent and integrative support of complex business processes is of top priority. We achieve this due to our interdisciplinary know‐how.

Customer focus

With our customers, we maintain long‐term relationships with the goal of sustainable mutual appreciation. We achieve this through intensive exchange and regular user days.

Professional and technological sustainability

We implement our solutions, products and services in accordance with highest objective requirements. In doing so, we satisfy relevant best practice and industry standards and guarantee optimal interoperability.


“The value of the products, solutions and services of ibi systems GmbH is based on interdisciplinary know‐how, extensive technology skills and proven methods in implementation.”

Dr. Stefan Wagner, Managing director, ibi systems GmbH


ibi systems GmbH

Franz‐Mayer‐Straße 1
93053 Regensburg
Germany

Information and Consulting

phone: +49 (0)941‐462939‐0
e‐mail: info@ibi-systems.de
www.ibi-systems.de